RandR 1.4 X server patch series

Keith Packard keithp at keithp.com
Sun Dec 5 21:57:04 PST 2010 

On Mon, 6 Dec 2010 06:39:02 +0100, Cyril Brulebois <kibi at debian.org> wrote:
> Hi,
> 
> Keith Packard <keithp at keithp.com> (05/12/2010):
> > Here's the full patch series to add RandR 1.4 functionality to the X
> > server. This is the order in which I propose to merge the patches to
> > the X server, to make it possible to bisect the X server in the
> > future, I've added all of the functionality before adding the final
> > protocol version updates and dispatching hooks.
> 
> (not that I can pretend reviewing anything like this for real)
> I checked that it builds successfully when patches are applied
> incrementally, assuming the missing version check gets fixed in the
> 2nd patch.
> 
> gcc warns about that:
> |   CC     rrcrtc.lo
> | rrcrtc.c: In function ‘ProcRRSetCrtcConfigs’:
> | rrcrtc.c:1687: warning: ‘configs’ may be used uninitialized in this function
> 
> I can't really see why it would think so. Looks like a warning one
> could easily silence by initializing configs to NULL.

Easy -- it can jump to 'sendReply:' early, calling RRFreeCrtcConfigs
with the uninitialized value. Good catch; I've been compiling with -O0
for debugging all weekend.

Here's a patch in my randr-1.4 branch. I'll mix that in at the right
spot with a bit of git rebase -i -fu later on.

commit 1c5c3e9ecc785651a493e75e0e3e1863ed23249a
Author: Keith Packard <keithp at keithp.com>
Date:   Sun Dec 5 21:53:25 2010 -0800

    ProcRRSetCrtcConfigs uses 'configs' without being initialized
    
    If the client sends invalid data for this request, the server
    will jump to 'sendReply' and call RRFreeCrtcConfigs, passing it the
    uninitialized 'configs' and 'num_configs' values.
    
    Signed-off-by: Keith Packard <keithp at keithp.com>

diff --git a/randr/rrcrtc.c b/randr/rrcrtc.c
index 97aa3d7..0fc8188 100644
--- a/randr/rrcrtc.c
+++ b/randr/rrcrtc.c
@@ -1682,9 +1682,9 @@ ProcRRSetCrtcConfigs (ClientPtr client)
     rrScrPrivPtr           scr_priv;
     xRRCrtcConfig          *x_configs;
     RRScreenConfigRec      screen_config;
-    RRCrtcConfigPtr        configs;
+    RRCrtcConfigPtr        configs = NULL;
     RROutput               *output_ids;
-    int                            num_configs;
+    int                            num_configs = 0;
     int                            rc, i;
     int                            extra_len;
     int                            num_output_ids;

-- 
keith.packard at intel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20101205/424bb750/attachment.pgp>

More information about the xorg-devel mailing list